2

Does anybody know how I can, or if it's possible to, set a Windows domain account as a "non-interactive" user?

I would like to set specific Windows domain service accounts as "non-interactive" so that they'll only be able to run the application they're assigned to, since you shouldn't be logging into the GUI desktop with said account anyways.

David

2 Answers

4

With a Group Policy.

Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment and put your user account into the "Deny log on locally" and "Deny log on through Remote Desktop Services" lists.

This way, the user account will be unable to log on interactively to all computers where the GPO is applied.

You can also place the user account into the "Log on as a service" list, so that you have a single GPO where you manage your service user accounts by granting them the rights to log on as services and at the same time denying them the rights to perform an actual interactive login.

Massimo
1

Local policy

The original question didn't specify whether the policy on the domain accounts should be applied at a domain level or on a specific local machine. See @Massimo's answer for making a domain group policy.

For anyone who wants to apply this as a local policy on your Windows 10 Pro (not Home) machine:

Open the Local Security Policy editor by running: secpol.msc

Navigate to Security Settings > Local Policies > User Rights Assignment.

From there, the policies that @Massimo named are available:

  • Deny log on locally
  • Deny log on through Remote Desktop Services
  • Log on as a service

Daryn
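
Added example, not part of either answer: one way to check on a given machine that a service account is actually listed under the three user rights named above, by exporting the User Rights Assignment area with secedit and reading the matching privilege constants. The account name `CONTOSO\svc-app` is a placeholder and both function names are made up for this example.

```powershell
# Added example. 'CONTOSO\svc-app' is a placeholder account name.
# Run from an elevated prompt: secedit needs administrator rights.
function Get-UserRightSids {
    param([Parameter(Mandatory)][string[]]$Right)
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area of the machine's security settings.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }
        $result = @{}
        foreach ($r in $Right) { $result[$r] = @() }  # right missing from the file = no entries
        foreach ($line in Get-Content -LiteralPath $cfg) {
            # Lines look like: SeServiceLogonRight = *S-1-5-80-0,SomeLocalUser
            if ($line -notmatch '^\s*(Se\w+)\s*=\s*(.*)$') { continue }
            $name = $Matches[1]; $value = $Matches[2]
            if ($Right -notcontains $name) { continue }
            $result[$name] = @($value -split ',' | ForEach-Object {
                $entry = $_.Trim()
                # Entries are written either as *SID or as a plain account name.
                if ($entry.StartsWith('*')) { $entry.Substring(1) }
                elseif ($entry) {
                    try { ([Security.Principal.NTAccount]$entry).Translate([Security.Principal.SecurityIdentifier]).Value }
                    catch { $entry }  # name that does not resolve: keep as written
                }
            })
        }
        $result
    }
    finally { Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue }
}

function Test-NonInteractiveServiceAccount {
    param([Parameter(Mandatory)][string]$Account)
    $sid = ([Security.Principal.NTAccount]$Account).Translate([Security.Principal.SecurityIdentifier]).Value
    $expected = [ordered]@{
        SeDenyInteractiveLogonRight       = 'Deny log on locally'
        SeDenyRemoteInteractiveLogonRight = 'Deny log on through Remote Desktop Services'
        SeServiceLogonRight               = 'Log on as a service'
    }
    $rights = Get-UserRightSids -Right @($expected.Keys)
    foreach ($key in $expected.Keys) {
        # Direct entries only: membership through a group in the list is not expanded here.
        [pscustomobject]@{ Policy = $expected[$key]; Constant = $key; Listed = ($rights[$key] -contains $sid) }
    }
}

Test-NonInteractiveServiceAccount -Account 'CONTOSO\svc-app' | Format-Table -AutoSize
```

All three rows should show `Listed = True` on a machine where the policy is in effect; a `False` on either deny right means interactive or Remote Desktop logon is still possible for that account there, unless it is covered through a group.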